Researchers from security firm Symantec have found and analysed a version of the Stuxnet cybersabotage malware that predates previously discovered versions by at least two years and used a different method of disrupting uranium enrichment processes at Iran's nuclear facility at Natanz.
Stuxnet was discovered in 2010 and was considered to be the most sophisticated malware ever seen until that time. It used multiple exploits to spread, most of them previously unknown, and was the first piece of malware to target industrial control systems. Based on time stamps found in the collected Stuxnet samples, security researchers believed that it was originally created in 2009 -- until now.
The version discovered by Symantec researchers -- dubbed Stuxnet 0.5 -- was actively used in 2007 and there is evidence to suggest that it might date back to 2005, when the domain names used for its command and control (C&C) servers were first registered.
Time stamps found in the Stuxnet 0.5 code are in the range of 2001, but these are unlikely to be accurate, said Vikram Thakur, principal security response manager at Symantec, on Tuesday.
The Symantec researchers believe that Stuxnet 0.5 is the missing link between Stuxnet 1.0 and the Flame or Flamer cyberespionage malware discovered in 2012, but which is believed to predate Stuxnet.
Technical evidence suggested that Flame and Stuxnet 1.0 were built on different development platforms, but security researchers established enough similarities between the two threats in order to conclude that Stuxnet's creators had access to the Flame code base.